HTTP Status Codes

Do you know how much of your traffic is 404 Not Found? This new counter group breaks up your HTTP traffic stats by response code. Gain valuable insights into web activity and add another entry point for hunting-style analysis.

Metrics over time

Totals for any time interval. Use Retro→Counters

Things to try

Download PCAPs of all Permission Denied flows for further investigation.

Create Threshold Crossing Alerts for these once you have a baseline.

Create flow taggers for “abnormal” responses.

Flows tagged by HTTP responses; query and pull PCAPs for further analysis
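The baseline-then-threshold idea from the list above, sketched as an added example that is not Trisul code and not part of the original page. The record format, the function names and the mean-plus-three-sigma rule are assumptions, and the sample data is constructed.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev


def make_sample():
    """Constructed sample: one (interval index, HTTP status code) per response."""
    records = []
    for interval in range(6):
        records += [(interval, 200)] * 90 + [(interval, 404)] * 8 + [(interval, 403)] * 2
    # Interval 6 carries a constructed burst of 403 Permission Denied responses.
    records += [(6, 200)] * 90 + [(6, 404)] * 9 + [(6, 403)] * 40
    return records


def count_by_status(records):
    """Per-interval counters keyed by status code, in the spirit of a counter group."""
    counters = defaultdict(Counter)
    for interval, status in records:
        counters[interval][status] += 1
    return counters


def share(counter, status):
    """Fraction of an interval's responses that carried `status`."""
    total = sum(counter.values())
    return counter[status] / total if total else 0.0


def threshold_crossings(counters, status, baseline_intervals, sigmas=3.0, floor=0.01):
    """Learn a limit from the first `baseline_intervals` intervals, then return
    (limit, later intervals whose share of `status` exceeds it).
    `floor` keeps the margin non-zero when the baseline is perfectly flat."""
    ordered = sorted(counters)
    base = [share(counters[i], status) for i in ordered[:baseline_intervals]]
    limit = mean(base) + max(sigmas * pstdev(base), floor)
    hits = [i for i in ordered[baseline_intervals:] if share(counters[i], status) > limit]
    return limit, hits


if __name__ == "__main__":
    counters = count_by_status(make_sample())
    for code in (403, 404):
        limit, hits = threshold_crossings(counters, code, baseline_intervals=5)
        print(f"status {code}: limit={limit:.3f} crossed in intervals {hits}")
```

Alerting on the share of responses rather than the raw count keeps a general rise in traffic volume from tripping the threshold.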

HTTP Methods

In addition to HTTP Hosts and HTTP Content-Types, you can now keep an eye on what kinds of HTTP methods are traversing your network. This new counter group breaks up web traffic by HTTP method, such as GET, POST, HEAD and PUT.

Traffic by HTTP methods

ICMP Types

Do you know what percent of your traffic is ICMP? Trisul 3.6 takes it a bit further and gives you a complete breakup of ICMP Type + Codes. This can be of great use in detecting a number of network-level issues.